diff --git a/.vib/vault/cypress/cypress/support/commands.js b/.vib/vault/cypress/cypress/support/commands.js index 904e259125..5eb9a2a14c 100644 --- a/.vib/vault/cypress/cypress/support/commands.js +++ b/.vib/vault/cypress/cypress/support/commands.js @@ -25,7 +25,7 @@ Cypress.Commands.add( cy.get('#username').should('be.enabled').type(username); cy.get('#password').should('be.enabled').type(password); cy.contains('button', 'Sign In').click(); - cy.contains('Secrets Engines').should('be.visible'); + cy.contains('Secrets engines').should('be.visible'); } ); diff --git a/bitnami/vault/Chart.lock b/bitnami/vault/Chart.lock index 98394691ab..29a9498f6e 100644 --- a/bitnami/vault/Chart.lock +++ b/bitnami/vault/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.11.1 -digest: sha256:ead8f26c76a9ec082f23629a358e8efd8f88d87aaed734bf41febcb8a7bc5d4c -generated: "2023-09-18T16:38:57.810819+02:00" + version: 2.12.0 +digest: sha256:bee62139700f032539621dd38fa1d7285f277b91577c55ea26045254d33825ed +generated: "2023-09-29T05:07:17.227688873Z" diff --git a/bitnami/vault/Chart.yaml b/bitnami/vault/Chart.yaml index 05a6d276b5..5cc16a4b91 100644 --- a/bitnami/vault/Chart.yaml +++ b/bitnami/vault/Chart.yaml @@ -6,15 +6,15 @@ annotations: licenses: Apache-2.0 images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r66 + image: docker.io/bitnami/os-shell:11-debian-11-r82 - name: vault-csi-provider - image: docker.io/bitnami/vault-csi-provider:1.4.0-debian-11-r119 + image: docker.io/bitnami/vault-csi-provider:1.4.0-debian-11-r130 - name: vault-k8s - image: docker.io/bitnami/vault-k8s:1.3.0-debian-11-r2 + image: docker.io/bitnami/vault-k8s:1.3.0-debian-11-r14 - name: vault - image: docker.io/bitnami/vault:1.14.3-debian-11-r0 + image: docker.io/bitnami/vault:1.15.0-debian-11-r0 apiVersion: v2 -appVersion: 1.14.3 +appVersion: 1.15.0 dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts @@ -35,4 +35,4 @@ maintainers: name: vault sources: - https://github.com/bitnami/charts/tree/main/bitnami/vault -version: 0.3.4 +version: 0.3.5 diff --git a/bitnami/vault/README.md b/bitnami/vault/README.md index 3c0dc61331..fdc7e91c8b 100644 --- a/bitnami/vault/README.md +++ b/bitnami/vault/README.md @@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | `server.enabled` | Enable Vault Server | `true` | | `server.image.registry` | Vault Server image registry | `docker.io` | | `server.image.repository` | Vault Server image repository | `bitnami/vault` | -| `server.image.tag` | Vault Server image tag (immutable tags are recommended) | `1.14.3-debian-11-r0` | +| `server.image.tag` | Vault Server image tag (immutable tags are recommended) | `1.15.0-debian-11-r0` | | `server.image.digest` | Vault Server image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | | `server.image.pullPolicy` | Vault Server image pull policy | `IfNotPresent` | | `server.image.pullSecrets` | Vault Server image pull secrets | `[]` | @@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and | `csiProvider.enabled` | Enable Vault CSI Provider | `false` | | `csiProvider.image.registry` | Vault CSI Provider image registry | `docker.io` | | `csiProvider.image.repository` | Vault CSI Provider image repository | `bitnami/vault-csi-provider` | -| `csiProvider.image.tag` | Vault CSI Provider image tag (immutable tags are recommended) | `1.4.0-debian-11-r119` | +| `csiProvider.image.tag` | Vault CSI Provider image tag (immutable tags are recommended) | `1.4.0-debian-11-r130` | | `csiProvider.image.digest` | Vault CSI Provider image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | | `csiProvider.image.pullPolicy` | Vault CSI Provider image pull policy | `IfNotPresent` | | `csiProvider.image.pullSecrets` | Vault CSI Provider image pull secrets | `[]` | @@ -367,84 +367,84 @@ The command removes all the Kubernetes components associated with the chart and ### Vault Kubernetes Injector Parameters -| Name | Description | Value | -| ------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- | -| `injector.enabled` | Enable Vault Kubernetes Injector | `true` | -| `injector.image.registry` | Vault Kubernetes Injector image registry | `docker.io` | -| `injector.image.repository` | Vault Kubernetes Injector image repository | `bitnami/vault-k8s` | -| `injector.image.tag` | Vault Kubernetes Injector image tag (immutable tags are recommended) | `1.3.0-debian-11-r2` | -| `injector.image.digest` | Vault Kubernetes Injector image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | -| `injector.image.pullPolicy` | Vault Kubernetes Injector image pull policy | `IfNotPresent` | -| `injector.image.pullSecrets` | Vault Kubernetes Injector image pull secrets | `[]` | -| `injector.image.debug` | Enable Vault Kubernetes Injector image debug mode | `false` | -| `injector.replicaCount` | Number of Vault Kubernetes Injector replicas to deploy | `1` | -| `injector.containerPorts.https` | Vault Kubernetes Injector metrics container port | `8080` | -| `injector.livenessProbe.enabled` | Enable livenessProbe on Vault Kubernetes Injector containers | `true` | -| `injector.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `injector.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `injector.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `injector.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `injector.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `injector.readinessProbe.enabled` | Enable readinessProbe on Vault Kubernetes Injector containers | `true` | -| `injector.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `injector.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `injector.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `injector.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `injector.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `injector.startupProbe.enabled` | Enable startupProbe on Vault Kubernetes Injector containers | `false` | -| `injector.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `injector.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `injector.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `injector.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `injector.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `injector.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `injector.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `injector.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `injector.resources.limits` | The resources limits for the Vault Kubernetes Injector containers | `{}` | -| `injector.resources.requests` | The requested resources for the Vault Kubernetes Injector containers | `{}` | -| `injector.podSecurityContext.enabled` | Enabled Vault Kubernetes Injector pods' Security Context | `true` | -| `injector.podSecurityContext.fsGroup` | Set Vault Kubernetes Injector pod's Security Context fsGroup | `1001` | -| `injector.podSecurityContext.seccompProfile.type` | Set Vault Kubernetes Injector container's Security Context seccomp profile | `RuntimeDefault` | -| `injector.containerSecurityContext.enabled` | Enabled Vault Kubernetes Injector containers' Security Context | `true` | -| `injector.containerSecurityContext.runAsUser` | Set Vault Kubernetes Injector containers' Security Context runAsUser | `1001` | -| `injector.containerSecurityContext.runAsNonRoot` | Set Vault Kubernetes Injector containers' Security Context runAsNonRoot | `true` | -| `injector.containerSecurityContext.readOnlyRootFilesystem` | Set Vault Kubernetes Injector containers' Security Context runAsNonRoot | `true` | -| `injector.containerSecurityContext.allowPrivilegeEscalation` | Set Vault Kubernetes Injector container's privilege escalation | `false` | -| `injector.containerSecurityContext.capabilities.drop` | Set Vault Kubernetes Injector container's Security Context runAsNonRoot | `["ALL"]` | -| `injector.command` | Override default container command (useful when using custom images) | `[]` | -| `injector.args` | Override default container args (useful when using custom images) | `[]` | -| `injector.hostAliases` | Vault Kubernetes Injector pods host aliases | `[]` | -| `injector.podLabels` | Extra labels for Vault Kubernetes Injector pods | `{}` | -| `injector.podAnnotations` | Annotations for Vault Kubernetes Injector pods | `{}` | -| `injector.podAffinityPreset` | Pod affinity preset. Ignored if `injector.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `injector.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `injector.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `injector.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `injector.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `injector.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `injector.autoscaling.enabled` | Enable autoscaling for injector | `false` | -| `injector.autoscaling.minReplicas` | Minimum number of injector replicas | `""` | -| `injector.autoscaling.maxReplicas` | Maximum number of injector replicas | `""` | -| `injector.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `injector.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | -| `injector.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `injector.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `injector.nodeAffinityPreset.key` | Node label key to match. Ignored if `injector.affinity` is set | `""` | -| `injector.nodeAffinityPreset.values` | Node label values to match. Ignored if `injector.affinity` is set | `[]` | -| `injector.affinity` | Affinity for Vault Kubernetes Injector pods assignment | `{}` | -| `injector.nodeSelector` | Node labels for Vault Kubernetes Injector pods assignment | `{}` | -| `injector.tolerations` | Tolerations for Vault Kubernetes Injector pods assignment | `[]` | -| `injector.updateStrategy.type` | Vault Kubernetes Injector statefulset strategy type | `RollingUpdate` | -| `injector.priorityClassName` | Vault Kubernetes Injector pods' priorityClassName | `""` | -| `injector.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `injector.schedulerName` | Name of the k8s scheduler (other than default) for Vault Kubernetes Injector pods | `""` | -| `injector.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | -| `injector.lifecycleHooks` | for the Vault Kubernetes Injector container(s) to automate configuration before or after startup | `{}` | -| `injector.extraEnvVars` | Array with extra environment variables to add to Vault Kubernetes Injector nodes | `[]` | -| `injector.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Vault Kubernetes Injector nodes | `""` | -| `injector.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Vault Kubernetes Injector nodes | `""` | -| `injector.extraVolumes` | Optionally specify extra list of additional volumes for the Vault Kubernetes Injector pod(s) | `[]` | -| `injector.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Vault Kubernetes Injector container(s) | `[]` | -| `injector.sidecars` | Add additional sidecar containers to the Vault Kubernetes Injector pod(s) | `[]` | -| `injector.initContainers` | Add additional init containers to the Vault Kubernetes Injector pod(s) | `[]` | +| Name | Description | Value | +| ------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `injector.enabled` | Enable Vault Kubernetes Injector | `true` | +| `injector.image.registry` | Vault Kubernetes Injector image registry | `docker.io` | +| `injector.image.repository` | Vault Kubernetes Injector image repository | `bitnami/vault-k8s` | +| `injector.image.tag` | Vault Kubernetes Injector image tag (immutable tags are recommended) | `1.3.0-debian-11-r14` | +| `injector.image.digest` | Vault Kubernetes Injector image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `injector.image.pullPolicy` | Vault Kubernetes Injector image pull policy | `IfNotPresent` | +| `injector.image.pullSecrets` | Vault Kubernetes Injector image pull secrets | `[]` | +| `injector.image.debug` | Enable Vault Kubernetes Injector image debug mode | `false` | +| `injector.replicaCount` | Number of Vault Kubernetes Injector replicas to deploy | `1` | +| `injector.containerPorts.https` | Vault Kubernetes Injector metrics container port | `8080` | +| `injector.livenessProbe.enabled` | Enable livenessProbe on Vault Kubernetes Injector containers | `true` | +| `injector.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `injector.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `injector.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `injector.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `injector.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `injector.readinessProbe.enabled` | Enable readinessProbe on Vault Kubernetes Injector containers | `true` | +| `injector.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `injector.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `injector.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `injector.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `injector.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `injector.startupProbe.enabled` | Enable startupProbe on Vault Kubernetes Injector containers | `false` | +| `injector.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `injector.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `injector.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `injector.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `injector.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `injector.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `injector.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `injector.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `injector.resources.limits` | The resources limits for the Vault Kubernetes Injector containers | `{}` | +| `injector.resources.requests` | The requested resources for the Vault Kubernetes Injector containers | `{}` | +| `injector.podSecurityContext.enabled` | Enabled Vault Kubernetes Injector pods' Security Context | `true` | +| `injector.podSecurityContext.fsGroup` | Set Vault Kubernetes Injector pod's Security Context fsGroup | `1001` | +| `injector.podSecurityContext.seccompProfile.type` | Set Vault Kubernetes Injector container's Security Context seccomp profile | `RuntimeDefault` | +| `injector.containerSecurityContext.enabled` | Enabled Vault Kubernetes Injector containers' Security Context | `true` | +| `injector.containerSecurityContext.runAsUser` | Set Vault Kubernetes Injector containers' Security Context runAsUser | `1001` | +| `injector.containerSecurityContext.runAsNonRoot` | Set Vault Kubernetes Injector containers' Security Context runAsNonRoot | `true` | +| `injector.containerSecurityContext.readOnlyRootFilesystem` | Set Vault Kubernetes Injector containers' Security Context runAsNonRoot | `true` | +| `injector.containerSecurityContext.allowPrivilegeEscalation` | Set Vault Kubernetes Injector container's privilege escalation | `false` | +| `injector.containerSecurityContext.capabilities.drop` | Set Vault Kubernetes Injector container's Security Context runAsNonRoot | `["ALL"]` | +| `injector.command` | Override default container command (useful when using custom images) | `[]` | +| `injector.args` | Override default container args (useful when using custom images) | `[]` | +| `injector.hostAliases` | Vault Kubernetes Injector pods host aliases | `[]` | +| `injector.podLabels` | Extra labels for Vault Kubernetes Injector pods | `{}` | +| `injector.podAnnotations` | Annotations for Vault Kubernetes Injector pods | `{}` | +| `injector.podAffinityPreset` | Pod affinity preset. Ignored if `injector.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `injector.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `injector.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `injector.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `injector.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `injector.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `injector.autoscaling.enabled` | Enable autoscaling for injector | `false` | +| `injector.autoscaling.minReplicas` | Minimum number of injector replicas | `""` | +| `injector.autoscaling.maxReplicas` | Maximum number of injector replicas | `""` | +| `injector.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | +| `injector.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | +| `injector.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `injector.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `injector.nodeAffinityPreset.key` | Node label key to match. Ignored if `injector.affinity` is set | `""` | +| `injector.nodeAffinityPreset.values` | Node label values to match. Ignored if `injector.affinity` is set | `[]` | +| `injector.affinity` | Affinity for Vault Kubernetes Injector pods assignment | `{}` | +| `injector.nodeSelector` | Node labels for Vault Kubernetes Injector pods assignment | `{}` | +| `injector.tolerations` | Tolerations for Vault Kubernetes Injector pods assignment | `[]` | +| `injector.updateStrategy.type` | Vault Kubernetes Injector statefulset strategy type | `RollingUpdate` | +| `injector.priorityClassName` | Vault Kubernetes Injector pods' priorityClassName | `""` | +| `injector.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `injector.schedulerName` | Name of the k8s scheduler (other than default) for Vault Kubernetes Injector pods | `""` | +| `injector.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `injector.lifecycleHooks` | for the Vault Kubernetes Injector container(s) to automate configuration before or after startup | `{}` | +| `injector.extraEnvVars` | Array with extra environment variables to add to Vault Kubernetes Injector nodes | `[]` | +| `injector.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Vault Kubernetes Injector nodes | `""` | +| `injector.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Vault Kubernetes Injector nodes | `""` | +| `injector.extraVolumes` | Optionally specify extra list of additional volumes for the Vault Kubernetes Injector pod(s) | `[]` | +| `injector.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Vault Kubernetes Injector container(s) | `[]` | +| `injector.sidecars` | Add additional sidecar containers to the Vault Kubernetes Injector pod(s) | `[]` | +| `injector.initContainers` | Add additional init containers to the Vault Kubernetes Injector pod(s) | `[]` | ### Vault Kubernetes Injector Traffic Exposure Parameters @@ -475,7 +475,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` | | `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r66` | +| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r82` | | `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | diff --git a/bitnami/vault/values.yaml b/bitnami/vault/values.yaml index af72624327..4d85b96a43 100644 --- a/bitnami/vault/values.yaml +++ b/bitnami/vault/values.yaml @@ -83,7 +83,7 @@ server: image: registry: docker.io repository: bitnami/vault - tag: 1.14.3-debian-11-r0 + tag: 1.15.0-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -732,7 +732,7 @@ csiProvider: image: registry: docker.io repository: bitnami/vault-csi-provider - tag: 1.4.0-debian-11-r119 + tag: 1.4.0-debian-11-r130 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1167,7 +1167,7 @@ injector: image: registry: docker.io repository: bitnami/vault-k8s - tag: 1.3.0-debian-11-r2 + tag: 1.3.0-debian-11-r14 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1544,7 +1544,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r66 + tag: 11-debian-11-r82 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets.